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ViaVideo Network Connection 


Although connecting any network device can be a confusing task, 
we at Polycom are all for simplifying things a bit. If you don’t have a 
network administrator to take care of all your connectivity issues, 
read the information in this document and you will be ready to go in 
no time. 


If you are a network administrator, go ahead and read the document 
anyway. Your secret’s safe with us! 


This document contains the following sections: 


Find Your Connection Type (page 1) 
Configure Your Connection (page 3) 
What's a Firewall? (page 11) 

What's a DMZ? (page 13) 

What’s a NAT? (page 14) 

Multiple IP Addresses (page 15) 

Network Configuration Screens (page 17). 


Pick Your Connection Type 


As simple as we can make it - just pick out your connection type from 
those shown below, perform the tasks in the appropriate section, 
and you're ready to communicate ViaVideo! 


Simple Connection - Just a Modem, Thanks 





lf your network connection is through a cable modem or DSL 
modem, use the configuration instructions on page 3. 
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Router With NAT, No Firewall 





lf your network connection is through a router with a Network 
Address Translator (NAT), but no firewall, use the configuration 
instructions on page 3. For more information about NATs, refer to 
“What's a Network Address Translator?,” on page 14. 


Router With Firewall 





lf your network connection is through a router with a firewall, use the 
configuration instructions on page 4. For more information about 
firewalls, refer to “What's a Firewall?,” on page 11. 


Router With Firewall, Using a DMZ 





lf your network connection is through a router with a firewall, and you 
want to set up your PC with ViaVideo in a “Demilitarized Zone” 
(DMZ) use the configuration instructions on page 7. For more 
information about DMZs, refer to “What's a DMZ?,” on page 13. 
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Through a Virtual Private Network 





lf your network connection is through a Virtual Private Network 
(VPN), use the configuration instructions on page 8. 


Configure Your Connection 


And you're ready to communicate ViaVideo! 


Simple Connection - Just a Modem, Thanks 





lf you are using a cable modem or DSL modem, you don’t need to 
make any configuration adjustments. Because of the limited 
bandwidth available, it is recommended that you select a lower line 
speed, such as 128, for most calls. Select line speeds in the Dialing 
Speeds screen (System Info>Setup>H.323>Dialing Speeds). 


Router With NAT, No Firewall 





To configure your ViaVideo to use your router’s Network Address 
Translator (NAT): 

1. Goto the Quality of Service and Firewall screen (System 
Info>Setup>H.323>QOS). 
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Select the System is Behind a NAT option. 


Enter your NAT’s external IP address in the NAT Outside 
(WAN) Address field. 

You can enter the address manually, or let ViaVideo enter it 
automatically by selecting the Auto discover NAT IP Address 
option. 

When you select Auto discover NAT IP Address, ViaVideo 
automatically discovers your external IP address and enters it in 
the NAT Outside (WAN) Address field. 


If you are using a proxy server, the Auto discover NAT IP 
Address option may not work correctly. You should enter your 
NAT's external IP address manually in this case. 





If you are using a firewall, you need to perform the following tasks: 


Configure ViaVideo to work with your firewall’s Network Address 
Transiator (NAT) 


Open and assign ports in the firewall to the PC running 
ViaVideo. 


Configure your ViaVideo for NAT 


To configure your ViaVideo to use your router’s Network Address 
Translator (NAT): 


1. 


Go to the Quality of Service and Firewall screen (System 
Info>Setup>H.323>QOS). 


2. Select the System is Behind a NAT option. 


Note When you select the System is Behind a NAT option, you 


will not be able to make video calls from the PC running 
ViaVideo to other PCs in your local area network. To make 
calls to other PCs in your local area network, de-select the 
System is Behind a NAT option. You can re-select this 
option at any time to re-enable exterior video calling. 
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3. Enter your NAT’s external IP address in the NAT Outside 
(WAN) Address field. 
You can enter the address manually, or let ViaVideo enter it 
automatically by selecting the Auto discover NAT IP Address 
option. 
When you select Auto discover NAT IP Address, ViaVideo 
automatically discovers your external IP address and enters it in 
the NAT Outside (WAN) Address field. 


lf you are using a proxy server, the Auto discover NAT IP 
Address option may not work correctly. You should enter your 
NAT’s external IP address manually in this case. 


Open and Assign Ports in the Firewall 


To configure your ViaVideo to operate with a firewall, perform the 
following tasks.For more information on the steps to configure 
specific routers and firewalls, see the Router and Firewall 
Compatibility page. 


Before you Begin 
Before you start, determine the internal IP address of the PC running 


ViaVideo. To do so, start the ViaVideo application and look in the 


System Information screen. 


In Your Firewall 


You will need to open and assign ports to the PC running ViaVideo 


in your router’s firewall interface software so that ViaVideo can listen 


for incoming calls and make outgoing calls. The exact steps and 
terms involved may be different in your firewall interface. 


For example, opening and assigning ports to the PC running 


ViaVideo is referred to in the Linksys firewall interface software as 


“Forwarding,” while the Cisco firewall software refers to assigning 
ports as “Port to Application Mapping.” However your firewall 
interface describes it, the concepts and tasks remain the same. 


1. Open a range of ports in your firewall. We recommend that you 
open the default ports: 3230-3235 for TCP and UDP 
Open port 1720 in your firewall. You must open this port for your 
ViaVideo to receive incoming calls, as specified by the 
International Telecommunications Union standards. 
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Note When you assign port 1720 to the PC running ViaVideo, this 
routes all incoming calls to that PC. This has the effect that 
no other PCs in your local area network can receive 
incoming videoconferencing calls. 


2. Assign the port range to the PC running ViaVideo. 
In some firewall interfaces, opening and assigning port numbers 
is performed in one step. 
In some firewall interfaces, you assign the ports to an IP 
address, while in others you assign the ports to an application, 
in this case ViaVideo. Either way works fine. 


In ViaVideo 
Now you need to point ViaVideo at the right port numbers. 


1. Goto the Quality of Service and Firewall screen (System 
Info>Setup>H.323>QOS). 


Quality of Service and 
Firewalls 
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2. Select the Use Fixed Ports option. 
3. If you used the default port range when assigning the ports in 


your firewall interface, you don't need to change anything. 
ViaVideo automatically enters this range. If you are using a 
different range, enter the port numbers for that range here. 


4. You should have already performed your NAT configuration. if 


not, see “Configure Your ViaVideo for NAT,” on page 7, and 
follow the instructions listed there. 
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Router With Firewall, Using a DMZ 
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If you are using a router with a firewall, and want to place the PC 
running ViaVideo outside the firewall, you need to perform the 
following tasks: 


¢ Configure ViaVideo to work with your firewall’s Network Address 
Translator 


¢ Assign your ViaVideo to the DMZ. 


Configure Your ViaVideo for NAT 


In addition to assigning your PC running ViaVideo to the DMZ, you 
also need to configure your ViaVideo to use your router's NAT. 


1. To configure your ViaVideo to use your router's NAT: 


2. Go to the Quality of Service and Firewall screen (System 
Info>Setup>H.323>QOS). 


3. Select the System is Behind a NAT option. 


4. Enter your NAT’s external IP address in the NAT Outside 
(WAN) Address field. 
You can enter the address manually, or let ViaVideo enter it 
automatically by selecting the Auto discover NAT IP Address 
option. 
When you select Auto discover NAT IP Address, ViaVideo 
automatically discovers your external IP address and enters it in 
the NAT Outside (WAN) Address field. 


if you are using a proxy server, the Auto discover NAT IP 
Address option may not work correctly. You should enter your 
NAT’s external IP address manually in this case. 


Assign your ViaVideo to the DMZ 


lf your router's firewall software provides a “Demilitarized Zone” or 
DMZ, simply follow your firewall’s instructions to assign the internal 
IP address of the PC running ViaVideo to the DMZ. This allows full 
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external access for the PC running ViaVideo, while the other devices 
in your internal network are protected by the firewall. 


Note This solution does not provide protection for the PC running 
ViaVideo. For more information about DMZs, see “What's a 
DMZ?,” on page 13. 


Through a Virtual Private Network 





To configure your ViaVideo to operate through a Virtual Private 
Network (VPN) you first need to configure your VPN (in Windows’ 
Settings>Control Panel>Network>Configuration). Select the VPN 
connection as your network connection before launching the 
ViaVideo application. 


Note Before activating your VPN, make sure that ViaVideo’s 
System is Behind a NAT option in the Quality of Service 
and Firewall screen (System Info>Setup>H.323>QOS) is 
not selected. 
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When you start ViaVideo, it detects the presence of multiple IP 
addresses assigned to your machine, and asks you which one you 
want to choose. 


Multiple IP Addresses? 
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Select the IP address of your VPN connection. ViaVideo displays 
this address in the System Information screen, in the bottom of the 
application window, and in your address book user information. 


© Polycom, Inc. 9 User Information Supplement 


User Information Supplement ViaVideo Network Connection 


If you want to change IP addresses once ViaVideo is already 
running, go to the H.323 screen (System Info>Setup>H.323 
Setup>H.323) and click Choose Other IP Address. 
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Note Before activating your VPN, make sure that ViaVideo's 
System is Behind a NAT option in the Quality of Service 
and Firewall screen (System Info>Setup>H.323>QOS) is 


not selected. 
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ViaVideo presents the Multiple IP Addresses screen., 


Multiple IP Addresses? 





Chose the IP address of your VPN connection and restart the 
application. 


Once the ViaVideo application re-starts, ViaVideo uses the IP 
address you specified. This address is displayed in the System 
Information screen, at the bottom of the application window, and in 
your address book user information. 


What's a Firewall? 


A firewall acts as a security barrier between one network and 
another. Usually the barrier is erected between an interior network, 
such as a Small Office Home Office (SOHO) network, and an 
exterior network, such as the internet. 


Firewall services are provided as part of the configuration software 
with most SOHO - quality routers, such as Linksys® and Cisco®. You 
can also run a firewall independent of your router by using one of the 
popular software-only firewall packages, such as Black Ice, Norton® 
Firewall, and McAfee® Firewall. 


With either type of firewall, the task of setting up a video 
communications connection with the outside world encounters the 
same problem: firewalls provide security for your network by putting 
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up a barrier to packet traffic, limiting outside access to your internal 
network. This is a good thing, but you wouldn't be reading this if you 
didn’t want to communicate with the outside world, so there are two 
solutions: opening ports in the firewall, and setting up a DMZ. 


This solution consists of opening ports in the firewall and assigning 
these ports to the PC running ViaVideo. This allows ViaVideo to 
freely accept and receive calls with the outside world, while 
maintaining protection for your PC and network. 


For both router-based and software-only types of firewalls, the 
procedure is the same, although most router-based firewalls allow 
you to specifically assign ports to the internal IP address of the PC 
running ViaVideo, software-only firewalls ask you to assign the ports 
to an application. Either way, the result is the same - your internal 
network is protected, and you have video communications access to 
the outside world. 


For information on opening and assigning ports in the firewall, see 
“Router With Firewall,” on page 4. 


Port Number Assignation 


ViaVideo has applied with the Internet Assigned Numbers Authority 
(LANA) for the default range of 6 ports: 3230 - 3235. You must also 
assign port 1720 to ViaVideo so-you can receive incoming calls. 


We recommend that you use the default range of ports for both TCP 
and UDP packet transfer. If you wish to assign a different range of 
ports, you can specify any registered, non-assigned ports in a 6-port 
range to ViaVideo. For a list of registered, non-assigned ports, go to: 
http://www.isi.edu/in-notes/iana/assignments/port-numbers. 


When you assign the ports to the ViaVideo application, the router 
reserves the assigned ports for use by ViaVideo. 


Is it Safe? 


The short answer is: “Safe enough.” Like any other defense, there's 
no such thing as a perfect firewall. Whenever you are connected to 
the outside world, there is always some risk that someone could gain 
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unauthorized access. The need for protection must be balanced 
against the need to communicate with the outside world. This is why 
most security solutions focus on minimizing the risk until it reaches 
an acceptable level. 


Opening ports in the firewall might seem at first like an unnecessary 
security risk. However, there are in reality so many ports (65535) 
that simply discovering which port might be open is difficult enough. 
In addition to the sheer number of ports, protections written into the 
operating system make it very difficult to gain unauthorized access 
to your network, even if those ports are open. Finally, only port 1720 
is open to receive incoming requests. The range of six ports is only 
open in your PC during a call. 


If “safe enough” isn't secure enough for you, then setting your 
ViaVideo up in a DMZ is safer option. For more information about 
DMZs, see the next section. 


What’s a DMZ? 


© Polycom, inc. 


Most firewalls provide DMZ configuration as a way to allow high 
availability access for web servers and video communications 
servers (that’s your PC running ViaVideo) while providing firewall 
access for the other devices in the network. A DMZ is not a physical 
location, but is instead a way to configure your network so that the 
devices that are “in” the DMZ are served by the router, but are 
outside the protection of the firewall. Devices in the DMZ then 
communicate with the other devices in the internal network through 
the firewall. 


This solution creates a “safe zone” within your internal network by 
effectively placing the video communications server outside of the 
firewall’s protection. In this way, no unauthorized connections are 
allowed within the firewall-protected zone, and the video 
communications server is allowed free access to the internet. Note 
that this configuration leaves the video communications server 
without protection from external sources. 


Setting up your ViaVideo’s computer in a DMZ is the quickest way to 
configure your ViaVideo to run while using a firewall. For more 
information about configuring your video communications server in 
a DMZ, see “Router With Firewall, Using a DMZ,” on page 7. 
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What's a Network Address Translator? 


A NAT is a set of services on the router that allow you to operate a 
local network of devices, each with its own locally unique IP address, 
while communicating to the Internet through a router which presents 
a single, globally unique IP address to the outside world. Most small 
business and home office (SOHO) routers provide NAT services. 


The NAT ensures that outgoing packets have a globally valid IP 
address, and that incoming packets go to the right device by 
translating between the internal IP address and the external IP 
address, owned by the router. This also adds an extra level of 
security by effectively masking the internal network behind a single 
external IP address. 


A simplified explanation of how this translation takes place is that 
when an internal device sends an outgoing packet to the router, the 
NAT service either notes the internal IP address or the port number 
of the device, and attaches an identifier to the external IP address of 
the outgoing packet, substituting the router’s globally unique IP 
address for the device’s internal IP address. When the answering 
packet comes back, the NAT notes the indentifier, re-assigns the 
packet to the device’s internal IP address, and sends it on its merry 
way. 
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Multiple IP Addresses 


If you are set up to use multiple IP addresses, ViaVideo detects the 
presence of these addresses. The first time you start up the 
ViaVideo application, ViaVideo presents the Multiple IP Addresses 
screen. 


Multiple IP Addresses? 








You can select the IP address you want to use and click OK. 


ViaVideo detects more than one IP address when: 
¢ There is more than one LAN card in your PC. 
¢ You are using a docking station and a PCMCIA network card. 


¢ You are connected to your network using a Virtual Private 
Network (VPN). 


if you want to change IP addresses once ViaVideo is already 
running, go to the H.323 screen (System Info>Setup>H.323 
Setup>H.323) and click Choose Other IP Address. 


Note Choose Other IP Address is displayed in the H.323 screen 
only when ViaVideo detects the presence of more than one 
IP address at startup. If you add another IP address while 


© Polycom, Inc. 15 User Information Supplement 


User Information Supplement ViaVideo Network Connection 


ViaVideo is running, you must restart the application so that 
ViaVideo can detect the new IP address. 





ViaVideo presents the Multiple IP Addresses screen, and you can 
choose which IP address you want to use. 


Once you restart the ViaVideo application, ViaVideo uses the IP 
address you specified. This address is displayed in the System 
Information screen, at the bottom of the application window, and in 
your address book listing. 
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Network Configuration Screens 





Quality of Service and Firewalls 


In this screen, you can configure your quality of service, Network 
Address Translator (NAT), and firewall options. 


Quality of Service and 
Firewalls 
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Use Fixed Ports Specifies the fixed ports assigned to 
ViaVideo when working with a firewall. 


System is behind a NAT Alerts ViaVideo to use the IP address 
that appears in the NAT outside (WAN) 
address field as its external IP address. 
When using a Virtual Private Network 
(VPN) for your network connection, 
make sure that System is behind a 
NAT is not selected. 


Auto discover NAT IP address 
Selecting this option activates 
ViaVideo’s automatic external IP 
address feature, which discovers your 
NAT’s external IP address and 
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automatically enters it in the NAT 
outside (WAN) address field. 


NAT outside (WAN) address 


IP Precedence 


Dynamic Bandwidth 


User Information Supplement 


Specifies the external IP address used 
by your NAT. If ViaVideo is unable to 
discover your external IP address 
automatically, you can enter it here. 


Specifies the priority given IP packages 
sent by ViaVideo. The default value for 
IP precedence is 5. 


Specifies use of dynamic bandwidth 
allocation. ViaVideo’s dynamic 
bandwidth function automatically finds 
the optimum line speed for a cail. 

If you experience excessive packet loss 
while in a call, the dynamic bandwidth 
function incrementally lowers the line 
speed until there is no more packet loss. 
After some time with no packet loss, the 
dynamic bandwidth function 
incrementally increases line speed until 
packet loss occurs. At this point, the 
dynamic bandwidth function lowers the 
line speed one increment to ensure 
minimal packet loss with maximum 
throughput. 
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